5247ccedc9744c5c25eb13c036b48cffadde1f804372fc60f43c4d1d4abb879e | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

8

5247ccedc9...9e.exe

windows7-x64

5247ccedc9...9e.exe

windows10-2004-x64

8

Sharing

General

Target

5247ccedc9744c5c25eb13c036b48cffadde1f804372fc60f43c4d1d4abb879e
Size

13KB
Sample

221203-jt44fafh89
MD5

d5c5f9a8736c119ed87dfc7661d0cc24
SHA1

790eac77fd7d51ac19c36a35afa89ae8492e9b16
SHA256

5247ccedc9744c5c25eb13c036b48cffadde1f804372fc60f43c4d1d4abb879e
SHA512

7b0464eb27ea0277b776ad073cca8fed50c4d2b39d2d4fe7fc6f04c62af282f6fa1dbdbc6f9af5cbba0d68bc03b6fa4e9642f007508a15cae6ecd21544143426
SSDEEP

192:tfx1/biSj4MLsQ2BX13AakSvUkt7KeBDTdiPdP6lTDQc2nFaNJhLkwcud2DH9Vw9:tfxnT2BX1JNVjKVK2FaNJawcudoD7Ub

Score

10^/10

evasion trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

5247ccedc9744c5c25eb13c036b48cffadde1f804372fc60f43c4d1d4abb879e.exe

Resource

win7-20220901-en

evasion trojan upx

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

5247ccedc9744c5c25eb13c036b48cffadde1f804372fc60f43c4d1d4abb879e.exe

Resource

win10v2004-20221111-en

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  5247ccedc9744c5c25eb13c036b48cffadde1f804372fc60f43c4d1d4abb879e
- Size
  
  13KB
- MD5
  
  d5c5f9a8736c119ed87dfc7661d0cc24
- SHA1
  
  790eac77fd7d51ac19c36a35afa89ae8492e9b16
- SHA256
  
  5247ccedc9744c5c25eb13c036b48cffadde1f804372fc60f43c4d1d4abb879e
- SHA512
  
  7b0464eb27ea0277b776ad073cca8fed50c4d2b39d2d4fe7fc6f04c62af282f6fa1dbdbc6f9af5cbba0d68bc03b6fa4e9642f007508a15cae6ecd21544143426
- SSDEEP
  
  192:tfx1/biSj4MLsQ2BX13AakSvUkt7KeBDTdiPdP6lTDQc2nFaNJhLkwcud2DH9Vw9:tfxnT2BX1JNVjKVK2FaNJawcudoD7Ub
Score

10^/10

evasion trojan upx
- Windows security bypass
  evasion trojan
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasiontrojanupx

behavioral2

© 2018-2025

Terms | Privacy